Channel: INFOSEC

Defenders of the web: The people behind 7 influential security companies


Browsing the web may be easy, but ensuring your digital safety is not.

That's why there are hundreds of companies around providing numerous products to safeguard consumers and companies from malicious actors. While many of these companies offer seemingly identical products, some of the best are not only protecting users but researching what hackers are doing and exposing them.

Here are a few of the most influential companies on the market today, the people behind these firms, and some of the important vulnerabilities they've brought to light.

 

Kaspersky Lab: Eugene Kaspersky

Kaspersky Lab was founded in 1997 by the storied Russian security specialist Eugene Kaspersky. From the beginning it has provided anti-virus software to large companies. But in the 2000s it expanded to offer more wide-reaching products including consumer and mobile security products.

Its researchers have been known to expose some of the most famous hacking groups and their malware. These include Flame — which was discovered in 2012 as a highly advanced cyber espionage program — as well as the Equation group, which was just announced this year as a clandestine computer spying ring. Kaspersky Lab’s headquarters are in Moscow, although it has over 30 offices globally.



FireEye: Dave DeWalt

FireEye is a California-based network security firm. It offers services meant to manage networks for potential threats as well as offer its customers detailed threat intelligence. The company has joined forces with federal authorities, universities, and other security groups to discover and combat various malware. Most recently, FireEye discovered a group of hackers known as FIN4, which was targeting Wall Street to steal insider information.

Its CEO, Dave DeWalt, is a well-known heavy hitter in the cybersecurity scene. He worked as CEO of the security company McAfee, and then reportedly turned down 40 other positions until he settled on taking the helm at FireEye.



Palo Alto Networks: Nir Zuk

Founded in 2005, Palo Alto Networks is a network security company known for building advanced firewalls directed toward enterprise customers. Its founder, Nir Zuk, worked as an engineer at Check Point and NetScreen Technologies.

Most of Palo Alto Networks’ products revolve around network traffic. The company has also made some important malware discoveries, most recently a family of malware known as “WireLurker” that took direct aim at Apple products. 




Online voting would be disastrous because hackers could hijack the democratic process


During the 2012 American presidential election, 129 million people cast ballots, while 106 million eligible voters neglected to do so. That’s only a 54.9 percent conversion rate, not to mention the 51 million voters who weren’t registered. Meanwhile, in 2015, there were almost 172 million Americans making purchases online. Those are apples and oranges, admittedly, but the ease with which the shopping occurs only helps its proliferation.

If the ultimate goal is maximizing the country’s voting turnout, shouldn’t we develop an Internet voting system? Voting from a computer at home could be far easier than waiting in long lines at polling stations or filling out mail-in forms.

But can it ever happen?

“For as far into the future as I can see, the answer is no,” says David Jefferson, a computer scientist in the Center for Applied Scientific Computing at Lawrence Livermore National Laboratory. In May 2015, Jefferson examined the possibility of Internet voting in a paper called “Intractable Security Risks of Internet Voting.” For anyone who has ever owned a personal computer, the first problem is obvious: malware.


“We’re not even remotely close to guaranteeing that there’s no malware on your computer,” Jefferson says. The malware can do whatever task it’s programmed to accomplish, from erasing votes cast to changing them. And it can do these things without leaving any trace. “The malware might erase itself a half second later, and so there might be no evidence. And that’s one of half a dozen of problems.”

There are also the standard risks that come with any online activity. Denial-of-service attacks can shut down the voting system by overloading it. Mirror sites can trick voters into thinking their votes have been submitted, when really the information travels nowhere. Potential ransomware attacks can steal and encrypt votes, to be sold to the highest bidder. “Imagine the crisis if somebody encrypted the votes and said [to the government], ‘For one million, I’ll give you the key,’” Jefferson says. “Who would pay?”

Other scenarios are more insidious. A person using spyware can see who someone has voted for, allowing for scenarios that secret ballot attempts to solve: a person being outed for an unpopular vote, or punished for not voting a certain way. It might also increase the likelihood of selling votes: Spyware would allow an outside party to verify that a seller followed through, a prerequisite for any smart buyer.

“The only way to avoid bribery and/or coercion with remote voting is to have complicated voting and registration processes that allow voters to vote multiple times or use different passwords for true and bogus votes,” writes Poorvi Vora, a professor of computer science at George Washington University, in an email. That means developing a system so complex and secure it takes away a lot of what makes the prospect of online voting appealing.

“Unless we were to re-design the Internet from the ground up, there’s not likely to be a solution to these problems,” Jefferson says.

The United States has attempted online voting before. In 2000, Arizona used it in the Democratic primary through the private website election.com. And while the stakes were relatively low (the number of people voting in the primary was far below that of the general election), the system was still under heavy coercion from outside forces. “There was definitely an external attack on that system,” Jefferson says. This year, Utah gave it a whirl during the Republican primary, and while the effectiveness of that trial is still being weighed, the system involved a 30-digit PIN number that many voters did not receive in time to vote.


Yet the country of Estonia has somehow, supposedly, already figured it out. The small country has been offering its 1.3 million citizens the ability to vote on the Internet since 2005; more than 30 percent of the country’s votes are cast online. How can a relatively small country with a gross domestic product one-fifth the size of the state of California do something America can’t? Because the Estonian system isn’t that great.

In 2014, an independent team from Michigan took a look at the Estonian voting procedures and found plenty of issues. The system uses home computers that are trusted not to be infected by malware. Vote counting is done on servers, hidden away from outside scrutiny, unlike the physical counting of ballots. “There are protections in place to make sure the servers aren’t compromised,” says J. Alex Halderman, an assistant professor of computer science and engineering at the University of Michigan who worked on the report. “But if they are, they can output any vote totals they want.”


In fact, the lessons from the Estonia system may simply be how good the old system is at preventing fraud. Sure, there are stories every election of votes being lost or miscast, and voter disenfranchisement and district re-jiggering are real problems that deserve scrutiny. But those problems are relatively out in the open, where they can be examined and corrected, and not hidden in the ones and zeroes of the digital world.

“There are advantages of old technology,” Halderman says. “If you make things less efficient to count, you are making fraud less efficient. Voting on paper has inconveniences and its share of flaws, but the problem with online voting is a single attacker who finds a single flaw.”

Halderman knows from experience. In the 2010 general election, Washington, D.C., piloted an Internet voting system. It was unique in that the officials urged the public to hack into the system as a way to test vulnerabilities and, perhaps, provide the public with proof of concept. Halderman and his team took them up on it. “Forty-eight hours after they started, we’d hacked in and changed all the votes from here in Michigan,” he says.

Right now, things aren’t looking good for Internet voting. But everything advances; technology adapts. At some point in the future, maybe even soon, the security flaws of online voting might be solved, right?

“I’m not sure we’re going to be able to get there, to be honest with you,” Halderman says. “In security, it comes down to the cat and mouse game. And the attackers are getting better as fast, if not faster, than the defenders.”


REPORT: The Federal Government Wants To Know Your Account Passwords


The federal government has made legal requests to more than one major internet company for the passwords to users' accounts, according to CNET.

The report is frustratingly thin on details.

But it represents an even worse scenario than the one posited by NSA leaker Edward Snowden, who claimed the feds have a program named PRISM that gives them access to the servers of Google, Facebook, Microsoft and other major web providers. The companies have denied that such a program exists, saying they only respond to specific legal requests about individuals.

Legal demands for passwords, as reported by CNET, go beyond the mere one-time production of data from a user's account, of course. On Google, for instance, once someone has the password to your Gmail account they've got lengthy access to your calendar, search history, Drive docs, Gmail chats, and maybe your Google+ account.

CNET reports the unnamed companies have pushed back on the demands.


Obama's 'Independent' Review Of Mass Spying Is Destined For Failure


In the wake of seemingly endless leaks from ex-NSA contractor Edward Snowden, President Obama's attempt to manage the political fallout seems destined to fail.

On Friday, Obama announced that he would form a "high-level group of outside experts" to review intelligence and communications technologies. This group, Obama said, would be "independent" — able to step back freely — to review surveillance technologies and "consider how we can maintain trust of the people."

It only took the weekend for much of any trust in that group to fade.

On Monday, Director of National Intelligence James Clapper confirmed that yes, the review group would happen. He also confirmed that, yes, he would be establishing it.

This is the same James Clapper who gave false information to Congress when asked whether the NSA was collecting data on Americans. He later apologized.

Perhaps most interesting in Clapper's statement on Monday is the absence of wording used on Friday: independent, and outside. In an expanded statement, the White House said the group would present their interim findings to his office, and the final report would go "through the Director of National Intelligence."

"In practice — not theory — Clapper gets to chop the draft of the interim and final reports, and the Office of the Director of National Intelligence would — again, in practice — assist in selecting the members of the review group," Robert Caruso, a former assistant command security manager in the Navy and consultant, said in an email.

This arrangement is sure to arouse suspicions, with many Americans showing distrust after leaks of previously unknown spying programs. Even Sen. John McCain (R-Ariz.), a veteran politician and national security hawk, admitted as much to Fox News Sunday:

“Right now there’s kind of a generational change. Young Americans do not trust this government,” McCain said. “Without trusting government you can’t do a lot of things.”

Still, Caruso believes there can be good to come from such a review. "I trust [Clapper] has the best intentions at heart." But on whether that final report would be transparent or heavily redacted, he told me, "we'll have to wait and see."


Wikileaks Just Released A Massive 'Insurance' File That No One Can Open


Anti-secrecy organization Wikileaks just released a treasure trove of files that, at least for now, you can't read.

The group, which has been assisting ex-NSA contractor Edward Snowden after he leaked top-secret documents to the media, posted links for about 400 gigabytes of files on their Facebook page Saturday, and asked their fans to download and mirror them elsewhere.

Here's the cryptic post:

[Image: Wikileaks mirror files post]

The organization posted the same message about its "insurance" files to Twitter.

You can download the files via torrent but since they are encrypted — and Wikileaks has not yet provided the key — you won't be able to open them.

We can garner at least one thing of note from the file names alone: They probably have a very high level of encryption. The end of the files, "aes256," likely stands for Advanced Encryption Standard-256 bits.

It's a way of locking up your files that even the NSA has approved for use on top-secret data.

What's in the files is anyone's guess for now, but there's already plenty of speculation.


Trying To Hide Online Just Puts You On The Government Radar


If you want to maintain your privacy online, it seems the only way to do it these days is to turn off your computer.

All of the big tech companies are bound by the Patriot Act and receive National Security Letters (NSLs) from the government asking them to turn over user data when it's "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities."

It's pretty well known that if you use services like Google and Facebook, you shouldn't expect much when it comes to privacy. But if you prefer to stay off the grid, what can you do?

For the average Internet user, the options are dwindling.

On Aug. 5, researchers discovered the Tor service, known for anonymizing its users' web browsing, was actually revealing user data which they believe had a "high likelihood" of being sent back to the NSA. Just days later on Aug. 9, two U.S.-based providers of secure email services voluntarily shut down. Both were preemptive efforts to protect their users from government eyes.

These aren't new developments. In 2007, Canada-based encrypted email provider Hushmail turned over emails to the DEA in response to a court order.

But even advanced users knowledgeable in encryption have reason to fear.

"With the tapping of backbone internet providers, interested parties can now see all traffic on the internet," wrote Louis Kowolowski of Silent Circle, one of the encrypted email services that was shuttered. "The days where it was possible for two people to have a truly private conversation over email, if they ever existed, are long over."

Perhaps more interesting is a slide detailing the formerly secret "XKEYSCORE" program run by the NSA and leaked by former contractor Edward Snowden.

"How do I find a cell of terrorists that has no connection to known strong-selectors?," a question on the slide reads. The answer: "Look for anomalous events."

Among the anomalous events is "someone who is using encryption" or someone searching "for suspicious stuff."

According to the NSA, if you are using encryption — that is, trying to make sure no one besides the person you just emailed is reading the words you have typed — you are lumped in with terrorists.

It's the digital equivalent of a police car patrolling your neighborhood and deeming your home suspicious because the blinds are shut.

As former intelligence analyst Joshua Foust writes in an essay titled "Face It: Privacy Is Dead," it's pretty tough to stay off the radar when the Internet was created by the government to begin with.

He writes:

When people really want to keep their data secret, they invest heavily in the infrastructure to do so. The intelligence community went to the expense of building its own alternate networks to keep their data safe (so long as they’re not broken by construction crews in Tyson’s Corner, VA). It also forbids the use of cell phones, cameras, and even CD players in its intel facilities. When they were not prohibited, like at Bradley Manning’s base in Iraq, a massive breach occurred.

But the average citizen can't afford — nor would it even make sense — to build a system such as the military's SIPRnet to communicate with others. Instead, we have cheap alternatives such as PGP that aren't exactly a breeze to set up.

So the alternative it seems is not one you want to hear: If you really value your privacy, turn off your cell phone, unplug your network cable, and only talk face-to-face. Foust may be right when he deems online privacy dead, but more compelling is that the government has effectively deemed it illegal.


Hacker Reveals How Devastating A Cyberattack On The Stock Market Could Be


Of all the horrifying scenarios that hackers could pull off — from launching nukes to spoofing air traffic control — the one that poses the biggest risk for Wall Street would be a cyber attack on equity markets.

In the summer issue of hacker magazine 2600, pseudonymous writer "Eightkay" shows how such a scenario could pan out:

Now imagine this attack scenario. Agents of an enemy of the United States successfully break into the mainframes of a High Frequency Trading Company, Dark Pool Crossing Network, or Brokerage Company. They infect the system with rogue trading algorithms or change the code on currently deployed algorithms. In a single coordinated attack, they buy and sell millions of shares of a single company or multiple companies, causing trading to halt or decimating the value of a single stock. Multiply that by 100 stocks of the top Fortune 500 companies and we have market collapse. Trading for the day would halt and Uncalculated economic damage would be done.

The days of screaming floor traders have long passed as computers now make financial moves in microseconds. The shift has already given way to (non-hacker initiated) computer glitches costing serious money: Knight Capital lost $450 million in 2012, and Goldman Sachs is still trying to get to the bottom of $100 million in botched trades.

Hackers were able to "repeatedly [penetrate] the computer network" of the Nasdaq Stock Market in 2011 — although they luckily weren't able to make it into the exchange trading platform.

And a report from Reuters in July of this year found 53% of the world's securities exchanges had experienced at least one cyberattack in the last year. Most were simple denial-of-service or virus attacks — but they are getting better.

"Cybercrime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage," the report read.

While there are safeguards such as market monitors and circuit breakers, "Eightkay" writes, "this attack could happen quickly, rapidly, and across multiple fronts" laying waste to investor confidence and damaging the economy.

It's also worth noting that "Eightkay" doesn't advocate such an attack or show how it can be pulled off in his column. He's simply sounding the alarm bell.


REPORT: Millions Of Android Users Vulnerable To Security Breaches


Millions of Android smartphone users are susceptible to security vulnerabilities such as viruses and malware, according to an internal bulletin prepared by the Department of Homeland Security and the FBI.

The July 23 bulletin, obtained by the website Public Intelligence, reveals that Android — as the most widely used mobile OS — continues to be the target of attacks due to "its market share and open source architecture."

"44 percent of Android users are still using version 2.3.3 through 2.3.7 — known as Gingerbread — which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions," the bulletin reads.

Android leads the smartphone market, with roughly 80% global market share. While it is more popular in the consumer sector than in the public sector, the bulletin warns that software needs to be kept up-to-date as more federal, state, and local authorities use Android.

The bulletin describes some of the threats if the OS isn't updated to the latest, more secure software. These include viruses that send out text messages without the user's knowledge, and "rootkits," which are able to log user locations and passwords.

The current 4.3 version of Android, known as Jelly Bean, is considered much safer — with a built-in feature that allows users to scan installed apps for signs of malicious or dirty code, according to Phandroid.

DOCUMENTS: NSA Has 'A 100% Success Rate' Putting Spyware On iPhones


All Apple devices have been successfully infected by the NSA with spyware, according to new documents published by Der Spiegel, the German magazine.

We first saw the story on The Daily Dot, and it is chilling:

An NSA program called DROPOUTJEEP allows the agency to intercept SMS messages, access contact lists, locate a phone using cell tower data, and even activate the device’s microphone and camera.

... According to leaked documents, the NSA claims a 100 percent success rate when it comes to implanting iOS devices with spyware. The documents suggest that the NSA needs physical access to a device to install the spyware—something the agency has achieved by rerouting shipments of devices purchased online—but a remote version of the exploit is also in the works.

Here's a copy of an NSA document explaining how "DROPOUTJEEP," its Apple spyware, works:

[Image: NSA document S3222_DROPOUTJEEP]

It's not the first time we've seen documents alleging that the NSA spies on Apple customers. NSA leaker Edward Snowden produced an NSA document that calls Steve Jobs "Big Brother" and his customers "zombies."

This video lecture was published today by the journalist who got the scoop:

In the speech, Appelbaum all but accuses Apple of cooperating with the NSA to allow the agency to access any iPhone:

"[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I'd like to believe that since Apple didn't join the PRISM program until after Steve Jobs died, that maybe it's just that they write sh---y software. We know that's true."


Hackers Were Inside Neiman Marcus Computers For Months Before The Retailer Had Any Idea [Report]


(Reuters) - Hackers breached the computer networks of luxury department store chain Neiman Marcus as far back as July, an attack that was not fully contained until Sunday, the New York Times reported, citing people briefed on the investigation.

Neiman Marcus said on Friday that hackers may have stolen customers' credit and debit card information, the second cyber attack on a retailer in recent weeks.

Neiman Marcus had said it first learned in mid-December of suspicious activity that involved credit cards used at its stores.

However, in a call with credit card companies on Monday, Neiman acknowledged that the attack had only been fully contained a day earlier, and that the time stamp on the first intrusion was in mid-July, the paper said. (http://link.reuters.com/kyd26v)

Neiman Marcus spokeswoman Ginger Reeder declined to comment to Reuters on the New York Times report about the July hack attack.

"We did not get our first alert that there might be something wrong until mid-December. We didn't find evidence until January 1," Reeder told Reuters late on Thursday.

Neiman Marcus did not say how many credit cards were affected but said that customer social security numbers and birth dates were not compromised.

"Customers that shopped online do not appear at this time to have been impacted by the criminal cyber-security intrusion. Your PIN was never at risk because we do not use PIN pads in our stores," Chief Executive Karen Katz wrote in a letter to customers, a copy of which was posted on the company's website.

Katz said the company has taken steps to contain the situation, including working with federal law enforcement, disabling the malware and enhancing security tools.

The company is also assessing and reinforcing its related payment card systems, Katz said.

The U.S. government on Thursday provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp, in a move aimed at identifying and thwarting similar attacks that may be ongoing.

(Reporting by Sakthi Prasad in Bangalore and Jim Finkle in Boston; Editing by Supriya Kurane)


Snowden's Favorite Encryption Tool Is 'Not Secure'


A popular encryption tool used and endorsed by ex-NSA contractor Edward Snowden abruptly shut down on Wednesday, with its website telling users the tool is "not secure" without giving additional detail.

The decade-old tool — called TrueCrypt — allowed users to encrypt sensitive files and hard drives and was a favorite of security-minded individuals. One of those people was Edward Snowden, who hosted a "Crypto Party" in Dec. 2012 to teach a group of people how to encrypt hard drives and USB sticks, while still working as a contractor for the NSA in Hawaii.

But the sudden closure of TrueCrypt has led some to speculate that the anonymous developers behind it had drawn the attention of the U.S. government and decided to just throw in the towel. (Snowden's encrypted email service, Lavabit, suffered a similar fate.)

The "advisory comes as a shock to the security community, though no one has been able to confirm its authenticity so far," wrote Runa Sandvik, a developer of the Tor anonymous web browser, in Forbes.

Interestingly, the shutdown came as a full-scale professional security audit of the TrueCrypt software was underway, led by Matthew Green, a cryptographer and professor at Johns Hopkins University, journalist Brian Krebs reported.

So far, the audit had not found anything suspicious in the code, but Green told Brian Krebs the fact TrueCrypt has been taken down could lead some to believe there's some "big evil vulnerability in the code."

"I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green told Brian Krebs. "But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits."


'The Internet Of Things' Is Full Of Major Security Holes For Hackers To Find


The surge of Web-connected devices -- TVs, refrigerators, thermostats, door locks and more -- has opened up huge opportunities for cyberattacks because of weak security, researchers said Tuesday.

A study by the Hewlett-Packard security unit Fortify found 70 percent of the most commonly used "Internet of Things" devices contain vulnerabilities, including inadequate passwords or encryption, or lax access restrictions.

"While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface," said Mike Armistead, vice president and general manager for Fortify's enterprise security.

"With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats."

The study comes amid recent security warnings about hacking of medical devices, cars, televisions and even toilets that have an Internet connection.

The researchers scanned the most popular devices and their cloud components and found on average 25 vulnerabilities per device. These products included TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers.

The study said eight of 10 devices tested leaked private information that could include the user's name, email address, home address, date of birth, credit card or health information.

Most of the devices lacked passwords, making it easier for hackers or others to gain access while some included simple default passwords such as "1234."

Some 70 percent of the devices analyzed failed to use encryption for communicating with the Internet and local network, another weakness that makes for easy outside access.

HP said that while demand for these devices is surging, security has failed to keep pace, and this "opens the doors for security threats" from a variety of sources.

The study said some estimates indicate as many as 26 billion devices will be connected to the Internet by 2020.

"Fortunately, there's still time to secure devices before consumers are at risk," the report said.


A Company That Does Background Checks For The US Government Was Victim Of 'State-Sponsored' Cyber Attack [Report]


U.S. Department of Homeland Security analysts work at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia on September 24, 2010.

WASHINGTON (Reuters) - A company that performs background checks for the U.S. Department of Homeland Security said on Wednesday it was the victim of a cyber attack, adding in a statement that "it has all the markings of a state-sponsored attack."

The computer breach at Falls Church, Virginia-based US Investigations Services (USIS) probably involved the theft of personal information about DHS employees, according to the Washington Post, which first reported the story.

DHS has suspended all work with the company amid an investigation by the FBI, the Post reported. A U.S. government official confirmed to Reuters that the FBI is investigating the breach.

The Office of Personnel Management has also suspended work with USIS out of an abundance of caution, it said, adding that government officials do not believe the breach has affected non-DHS employees.

“Our forensic analysis has concluded that some DHS personnel may have been affected, and DHS has notified its entire workforce” of the attack, department spokesman Peter Boogaard was quoted as saying by the newspaper.

"We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible," USIS said in the statement on its website.

"We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack," it said.

"Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack," the company said.

USIS says it is the biggest commercial provider of background investigations to the federal government, has over 5,700 employees and provides services in all U.S. states and territories, as well as abroad.

(Reporting by Eric Walsh; Editing by Eric Beech)

Defenders of the web: The people behind 7 influential security companies

Browsing the web may be easy, but ensuring your digital safety is not.

That's why there are hundreds of companies around providing numerous products to safeguard consumers and companies from malicious actors. While many of these companies offer seemingly identical products, some of the best are not only protecting users but researching what hackers are doing and exposing them.

Here are a few of the most influential companies on the market today, the people behind these firms, and some of the important vulnerabilities they've brought to light.

 

Kaspersky Lab: Eugene Kaspersky

Kaspersky Lab was founded in 1997 by the storied Russian security specialist Eugene Kaspersky. From the beginning it has provided anti-virus software to large companies. But in the 2000s it expanded to offer more wide-reaching products including consumer and mobile security products.

Its researchers have been known to expose some of the most famous hacking groups and their malware. These include Flame — which was discovered in 2012 as a highly advanced cyber espionage program — as well as the Equation group, which was just announced this year as a clandestine computer spying ring. Kaspersky Lab's headquarters are in Moscow, although it has over 30 offices globally.



FireEye: Dave DeWalt

FireEye is a California-based network security firm. It offers services meant to manage networks for potential threats as well as offer its customers detailed threat intelligence. The company has joined forces with federal authorities, universities, and other security groups to discover and combat various malware. Most recently, FireEye discovered a group of hackers known as FIN4, which was targeting Wall Street to steal insider information.

Its CEO, Dave DeWalt, is a well-known heavy hitter in the cybersecurity scene. He worked as CEO of the security company McAfee, and then reportedly turned down 40 other positions until he settled on taking the helm at FireEye.



Palo Alto Networks: Nir Zuk

Founded in 2005, Palo Alto Networks is a network security company known for building advanced firewalls directed toward enterprise customers. Its founder, Nir Zuk, worked as an engineer at Check Point and NetScreen Technologies.

Most of Palo Alto Networks’ products revolve around network traffic. The company has also made some important malware discoveries, most recently a family of malware known as “WireLurker” that took direct aim at Apple products. 



Cylance: Stuart McClure

In the world of computer security, the Irvine, California-based Cylance is a somewhat smaller entity. It launched in 2012 and has yet to go public like most of the companies on this list.

But in the last few months the company, which provides anti-malware and threat management using mathematics and machine learning, has made a few very noteworthy discoveries. Last year it discovered a very sophisticated Iranian hacking initiative known as Operation Cleaver. And just a month ago Cylance announced a bombshell discovery of a vulnerability in many hotel Wi-Fi setups that leaves both the people surfing the web on the network and the private networks of the hotels themselves open to hacking.

Its founder, Stuart McClure, has worked in cybersecurity for years, including a stint as CTO of McAfee. He's best known, however, as co-author of the seminal information security book Hacking Exposed.



Group-IB: Dmitry Volkov

Another Russian cybersecurity firm, Group-IB focuses specifically on cyber crime and fraud. It has been around since 2003, with customers in more than 25 countries. It claims it is the largest Eastern European forensic lab and “is involved in 80% of all high-profile investigation cases in the field of high-tech crime.” Late last year, Group-IB released a report along with another firm, Fox-IT, detailing a hacker group known as the Anunak gang, which supposedly wreaked cyber havoc on the Russian banking sector.

The firm's Head of Threat Prevention & Investigation Department, Dmitry Volkov, has been a prominent voice leading Group-IB toward becoming the go-to expert on Russian cybercrime. 



Trustwave: Robert McCullen

Trustwave has been around since 1995 and is one of the largest information security companies around. Its research team, SpiderLabs, performs deep forensic investigations and has made a slew of malware discoveries of late. They include a family of point-of-sale malware known as Spark, which is able to steal critical card data, as well as a hacker server in 2013 that contained millions of stolen passwords. Earlier this year Trustwave was acquired by the Singapore company Singtel for $810 million.

The company's CEO, Robert McCullen, has been at Trustwave's helm for nearly a decade, after working security at both Verisign and Netrex. 



Avast: Vincent Steckler

Avast, which was started in 1988 in the Czech Republic, is one of the largest security vendors in the world. It is best known for its antivirus products, which the company claims are used on more than 30% of non-Chinese consumer PCs.

Vincent Steckler has served as its CEO since 2009, and is a known resource about the current state of cyber security. Avast's researchers have discovered a few well-known security vulnerabilities, including big issues with home Wi-Fi routers as well as one exploit found in numerous Android apps. 



The CEO of a wildly popular app that was used as a giant botnet fires back at his critics

It has not been a good week for Hola.

The Israeli company is behind a wildly popular browser plugin and app that disguises users' identities online. Over the last few days, it has been hit with a deluge of negative press after it emerged that users of the service had had their computers hijacked and used as a giant "botnet" to attack a website.

A botnet is a network of (normally) unwitting computers hijacked by a third party, and used to launch some kind of malicious attack, or just to overwhelm a web site or server with fake requests or traffic.

Exacerbating the criticism is the fact that Hola is openly selling its users' bandwidth via a commercial side project called Luminati, and researchers claim to have discovered a number of serious security vulnerabilities in the software.

After reports that users' computers had been hijacked and the company was selling users' bandwidth, Hola CEO Ofer Vilenski told Business Insider that the company "has been listening to the conversations about Hola... [and] have decided to provide more details about how this works."

Then, following the publication of two highly critical reports from security researchers, one accusing the company of "negligence, plain and simple," we reached out to Vilenski again. He told me the company has experienced some "growing pains," but that the security issues have since been patched — and hopes to grow into a "great billion dollar company."

What is Hola?

Based in Israel, Hola has 75 employees (around 35 of whom are developers), and has received more than $20 million in venture capital funding since its launch. Before the current firestorm it had enjoyed positive press coverage, including from CNN Money and here on Business Insider. Its website says it has more than 47 million users around the world.

So what does it do?

Hola lets users access websites that are unavailable or censored on their connections. A user might want to circumvent a workplace's block on Facebook, or to access a video streaming service not available in their country. To do this, Hola uses what is known as a VPN, or virtual private network.

Most commercial VPN services require users to pay to use them, but Hola is totally free (though it offers a paid option). Why? Because while most companies like this own or rent dedicated servers to act as "exit nodes" through which the user accesses the internet, Hola pursues a different approach. Everyone is an exit node.

So, for example, when a British user sets their location on the tool as Norway, their internet traffic is being routed through the connection of a random Norwegian user on the Hola network. And simultaneously, the British user's connection may be used as the exit node for a South African user to connect to the web. It's a peer-to-peer network that does away with the need for dedicated hardware — allowing it to be offered as a free service.

Hola doesn't hide the fact it works on a peer-to-peer system, although it wasn't always immediately clear from the website that users will by default act as an exit node. (Users can also pay a premium subscription fee to opt out of this.)

Hola also sells its users' bandwidth

Hola also operates a second service — one that sells Hola users' bandwidth for profit. It's called Luminati, and its customers can hire the Hola network for their own purposes. The company suggests it can be used for brand monitoring or anti ad-fraud checks, but a salesperson told security researchers that the company has "no idea what [customers] are doing on our platform."

This can have dangerous implications — as Fredrik Brennan found out. He claims the Hola network was used to attack his website last week.

Brennan, often known by the online moniker "Hotwheels," is the administrator of 8chan, a countercultural online messageboard. The site was targeted by thousands of "legitimate-looking" posts, he wrote in a blog post, "prompting a 100x spike over peak traffic."

The Hola network — and the computers of users on it — had been used as a giant botnet, a network of hijacked machines intended to overwhelm the site, Brennan claims.

Before recent events, there was only a brief acknowledgement on Hola's site that the network might be used for "commercial" purposes, and no mention at all of Luminati, which has been in operation since at least October 2014. (A fuller explanation has since been added.) As such, it's doubtful that many users realise Hola is selling their bandwidth.

A Reddit thread from last week discussing the subject was filled with users expressing their surprise and asking how to uninstall it. (And in an unscientific strawpoll of people I know who use Hola, none were aware that they were being used as an exit node on the network — much less that their bandwidth was being sold by Hola.)

"Even if they had said it all along in their FAQ," wrote one commenter on news site Hacker News, "it's still infuriatingly disingenuous for someone to act as if anyone ever browses to Hola's site and reads their FAQ either before or after installing the Hola malware extension. No ordinary person will ever do this."

Vilenski did not comment on how many clients Luminati has.

Security researchers pile on

Vilenski confirmed that Luminati had been used to mount the attack, though he told me last week that there was nothing uniquely vulnerable about Hola's VPN — the hacker "could have used any commercial VPN network, but chose to do so with ours." The attacker has since been blocked from the service.

Since then, however, security researchers have pointed out a number of further vulnerabilities in Hola's software.

It began with a report entitled "Adios, Hola!" that urged users to "immediately uninstall" the service. It said that Hola:

  • Lets users "be tracked across the internet, no matter what you do."
  • Makes users less secure by "[sending] traffic of strangers through your internet connection" — a reference to Hola's peer-to-peer model where everyone is an exit node.
  • "[Sells] access to third parties, and [doesn't] care what it's used for." When a researcher asked the company how it enforces its terms of service for Luminati, the company responded "we don't... we have no idea what you are doing on our platform."
  • Lets "anybody execute code on your computer." The researchers say they found a vulnerability in Hola that lets websites remotely execute code on a user's computer. They built an example that opened a calculator on Windows users' computers — but it could also be used for far more malicious purposes.

Following the publication of the report, Hola moved to patch the vulnerabilities, and Vilenski told me that the security vulnerabilities have now been fully patched.

But an update to the Adios Hola post disputes this, saying that "many of the issues are ignored, and some claims [in a Hola statement] are simply false."

It continues: "The vulnerabilities are *still* there, they just broke our vulnerability checker and exploit demonstration. Not only that; there weren't two vulnerabilities, there were six."

One of the researchers told Motherboard that "while some bugs were fixed, the most critical ones haven't been, making it still possible to hack Hola users."

Vilenski countered that he disagrees, and that he cares "more about my users than what that website says." He invites the researchers behind Adios Hola to present details of the six vulnerabilities that are allegedly still in effect.

That's not all: Vulnerabilities in Hola have allegedly been exploited in the past. A second security report, this time from Vectra, discovered 5 pieces of malware online "that contain the Hola protocol."

If true, this means that anyone who has used Hola in the past may have been actively targeted by hackers.

"Unsurprisingly," Vectra writes, "this means that bad guys had realised the potential of Hola before the recent flurry of public reports by the good guys."

Vilenski confirmed to me Hola was not aware of its vulnerabilities until the publication of the first report.

Hola hasn't alerted its users

Following an avalanche of negative publicity everywhere from the BBC to Motherboard, Hola updated its FAQ to explain the Luminati service more clearly, and published a blog post in which the company says it fixed the vulnerabilities identified. The company's website now has a banner across the top explaining clearly that users' bandwidth may be used by others.

But Hola users may not understand the technical details of how their computers are being used by the company, and unless they visit the website again, they're unlikely to find out — because as Vilenski told me, the company has made no attempt to contact existing users to explain how the tool works or that their bandwidth is being sold for profit. Hola can't contact them. It apparently has no way to.

This also means Hola has not alerted users about the vulnerabilities on the platform either — vulnerabilities that have been used to target Hola users in the past (and according to some security researchers, are still active).

(The company also hasn't alerted its users via its Facebook or Twitter profiles, neither of which has been updated in several months.)

In theory, Hola could use its browser plugin to display a message explaining the peer-to-peer system, the nature of Luminati, and the vulnerabilities that may have compromised their computers. When I asked if he would commit to doing so, Vilenski told me that while it's a "good idea," he "cannot make that promise."

The company does not want to be "technically intrusive."

Hola defends itself

Again, Vilenski claims that all the vulnerabilities Hola knows about have been patched, and says that researchers should explain exactly what they've found to the contrary, instead of accusing him of negligence.

Vilenski also says it's important to keep this in proportion. He argues that the vulnerabilities amount to "growing pains," similar to what has happened to other big companies in the past. If you put a "big enough bounty" on any product, vulnerabilities will be found, and Hola has "just become big enough to become attractive to this scrutiny."

He also argues that Hola's peer-to-peer system is analogous to Skype, which also uses a similar method to transmit data. But Skype will only route voice data through the computers of users on the network, while Hola uses web data — and also caches content on users' machines, Vectra's report says.

This means if you were being used as an exit node for someone browsing child pornography, then that illegal material would be being saved on your machine. Vilenski counters that it would be unwise to use Hola for illegal activity, as they keep a map of the traffic between nodes, and will cooperate fully with law enforcement.

Vilenski also says that, on average, a user will only give up 6 MB of bandwidth per day using Hola, and only when their device is idle. It will not use devices' bandwidth when not plugged in so as not to waste battery power, for example. However, he couldn't put a figure on what the maximum bandwidth usage might be.

The future of Hola?

Vilenski remains positive about the future of the platform. It has seen no meaningful decrease in users as a result of the recent news (though this may be at least in part because they haven't been widely notified), and every developer at the company is currently working to improve security. Hola is also paying for a security audit from one of the "big 4 auditing companies' cyber auditing team," and launching a bounty program to encourage researchers to discover and declare more bugs.

Looking ahead, Hola plans to launch a B2B video product that could cut the cost of distributing video on the internet by 90%. The aim is to "build a great billion dollar company," Vilenski told me.

It remains to be seen whether it can win back users' trust, however — or convince security professionals that its services can be relied on. And there are more immediate hurdles to overcome: The company's Google Chrome plugin, which once had more than 16 thousand positive reviews, has now been removed by Google from the Chrome Web Store.

HOOAH! These US military veterans now have big roles on Wall Street

The American military has been breeding the US' top leaders since the day the Declaration of Independence was signed. 

But once they're done serving their country, many head to the financial services sector. 

That means bringing four-star general experience onto corporate boards and the mettle forged in jet fighting missions into management.

That includes David Petraeus, who headed the CIA before resigning and later taking a post at private equity firm KKR. Others might be surprised to see our list include Blackstone Group CEO Stephen Schwarzman.

There are a lot of other Wall Street hot-shots, too. Big name banks like JPMorgan and Bank of America have launched ambitious initiatives to bring the military's finest to the forefront of financial services. Often, they're competing with private equity firms like Blackstone and KKR for top talent. 

They come from all branches of the US military: Army, Navy, Air Force and Marines. They also hail from the reserves. 

For this Veterans Day, Business Insider takes a look at some of the financial sector pros who first learned about hard knocks from a drill instructor. Have a look:

Kelsey Martin was a fighter pilot before joining Goldman Sachs

Kelsey Martin spent more than a decade with the US military, first studying economics at the US Naval Academy and then as a fighter pilot and as an electronic warfare instructor. After his time in the Navy, he headed to the Booth Business School at the University of Chicago for his MBA. A short stint at Morgan Stanley was followed by a 10-year run at Goldman Sachs, where he's currently employed, according to his LinkedIn profile. 



Steve Schwarzman did a stint in the reserves before launching his finance career

After a short stint at investment bank Donaldson Lufkin & Jenrette, a young Steve Schwarzman would briefly take a turn in the US Army Reserves before returning to the world of finance. Following his time in the reserves, Schwarzman would head to Harvard Business School, and then into Lehman Brothers, where his career in finance would take off. Today, he's the 38th richest man in the US, according to Forbes. 



Wesley Clark ran for president, then, ran to private equity

Former General Wesley Clark left the US Army at the rank of General after more than three decades of service in 2000. He would then go on to run for President of the United States — as a Democrat — in 2004 and remained active in politics afterwards. Clark made his move to PE in 2013, joining Steve Schwarzman's Blackstone Group. 



Owen West served not one, but two tours in Iraq

Owen West is a Marine's Marine. He did two tours in Iraq, and followed it up by writing a series of books. Today, he's a partner in Goldman Sachs' securities division and head of US natural gas and power trading. He was named managing director in 2006 and partner in 2014.

And, he's clearly got a sense of humor about both the big jobs he's served in: “The truth is, Wall Street has always coveted veterans. At Goldman, CEOs Weinberg and Corzine were Marines, Whitehead was a Naval Officer, forgivable because he captained Higgins boats, and before we emplaced our Veterans’ Network, Blankfein beat us to the punch by making it a central giving focus. The US military is competitive, proud, committed, and a bit maniacal. A lot like Goldman and the other banks.”



Dennis Cornell went from a sub to leading Morgan Stanley's energy banking team

For nearly 16 years, Dennis Cornell has been with Morgan Stanley, most recently heading up its energy investment banking team in New York. Cornell's path to Wall Street went first through the University of Pennsylvania's Wharton undergraduate program (and, in the school's Navy ROTC program) before he joined the military. He would go on to spend five years as an engineer on nuclear submarines before heading to the world of dealmaking.



John Councill served as an Army Ranger before joining Goldman Sachs

John Councill had the military career many young men and women dream about before signing up for work at Goldman Sachs. He attended the United States Military Academy at West Point in upstate New York, graduating in 2003. By 2004, he was an Army Ranger, one of the most elite levels of military service in the US. After more than five years with the Army, including a stint in Iraq, he deployed to the Massachusetts Institute of Technology, where he'd earn his MBA in finance. Councill joined Goldman less than two years ago in its asset management division. 



Frank Carlucci was deputy secretary of Defense before switching to private equity

During his DC days, Frank Carlucci worked in roles including deputy secretary of Defense, deputy director of Central Intelligence, and worked in the Office of Management and Budget. Carlucci was among the first big names in DC to switch career tracks. He joined the Carlyle Group in 1989 as managing director and became chairman in 1993. He held that role until late 2002, when he was replaced as chair by ex-IBM CEO Lou Gerstner.



After spending time in the US Air Force, Michael Ross signed up for a long haul in banking

Michael Ross graduated from the US Air Force Academy in 1981 to fly the KC-135, a military refueling plane. He spent more than five additional years after graduating with the US Air Force and simultaneously earned his MA before going on to join a number of firms that would make many Wall Street pros wistful for the old days: EF Hutton, Smith Barney and Shearson Lehman Brothers. Today, he's executive director and financial advisor with Morgan Stanley, where he's been for more than six years.



David Petraeus is one of the most famous members of the military to decamp to finance

After 37 years in the US Army, Petraeus spent just one year running the Central Intelligence Agency before he resigned amid infidelity allegations that surfaced as a result of an FBI investigation. The former general made his move to private equity firm KKR long before he had to plead guilty to mishandling classified information; the private equity firm said after Petraeus’ misdemeanor plea he would remain on board. 



HOOAH! Todd Haskins is one of a limited number of Wall Street jarheads

Todd Haskins today is managing director of the financial sponsors investment banking division at Goldman Sachs — but, in the late 1990s, he was a Wall-Street-jarhead-in-the-making. He served in varying roles with the Marine Corps, leaving after making the rank of captain. Haskins went on to work for Morgan Stanley, Ernst & Young and Blue Sage Capital in junior roles before heading to Goldman. He has been there more than 11 years, and today is co-head of the Goldman Sachs veterans network and serves as chairman of the New York City Veteran Advisory Board.


James Hibbs went on to join JPMorgan after various military roles

John Hibbs got his start first at the US Naval War College before rising through the ranks to become director of global cyber security operations with the Navy cyber defense operations command in Virginia. After a stint with General Electric, he joined JPMorgan as managing director and global technology leader in New York.



Walter "Bud" Abbott served in Operation Desert Storm

Walter "Bud" Abbott spent six years in the US Navy, earning seven national medals and three Letters of Commendation for his work, including in Operation Desert Storm. He spent more than a decade with Fidelity before joining the Fiduciary Trust Company of New England, a wealth advisor and investment manager, in New Hampshire earlier this year. 



Brent Brown was a counterintelligence officer before heading into private equity

Brent Brown is another graduate of the esteemed United States Military Academy at West Point, and after that he went on to serve as a counterintelligence officer in the US Army, eventually rising to the rank of captain. He went back to school at Harvard Business School, and did a quick stint at Goldman Sachs as an associate before getting into the world of private equity in 2004. That's where he's been the last 11 years, and today is a managing partner with Madison Parker Capital.


Joe Purcell joined Morgan Stanley after spending nearly a decade in the Navy

Joe Purcell served as a supply officer in the US Navy from 1980 until 1989 in various roles, allowing him to work on a nuclear submarine and an aircraft carrier. He continued to serve in the Navy Reserves, retiring with the rank of commander. Today, he's managing director of Morgan Stanley's financial sponsors coverage group. He said serving his country helped him get ready for life on Wall Street:

“The Navy gave me a foundation of rigor, focus and high standards that provided me the internal strength and clear guidelines to build a career in a demanding Wall Street environment. For this I am eternally grateful to the service. This same type of training prepares Veterans from all services to be strong contributing professionals and leaders across all aspects of the US economy and, will help propel us forward.”



Blackstone's Tom Hill served alongside Schwarzman in the Army Reserves

Tom Hill has enjoyed a lengthy career on Wall Street, spanning from First Boston to Shearson Lehman Brothers to Smith Barney. Before any of that, he attended Harvard Business School, where he met Steve Schwarzman. The two would go on to serve in the same Army Reserves intelligence unit, and made annual trips to Fort Meade together for years. Today, Hill is president and CEO of Blackstone's hedge fund solutions group and sits on its board of directors. 



Brian Kinsella works at Goldman Sachs — and is the founder and CEO of Stop Soldier Suicide

Brian Kinsella spent more than five years with the US Army serving in Iraq, Italy, Germany, Haiti and in Kentucky camps. Leaving the military in 2010, he took on a calling and immediately founded Stop Soldier Suicide, which he still leads today. The veteran-led initiative aims to cut down on the number of suicides committed by US military members. He's also an energy sector specialist at Goldman Sachs, where he's been for nearly three years. 



Deutsche Bank's Paul Marcato has been awarded the Bronze Star for heroism in a combat zone

There's 'tough,' there's 'Army tough,' and then apparently there's 'Paul Marcato tough.' He spent more than eight years flying chopper missions in Iraq and was awarded the Bronze Star for heroism in a combat zone. As he rose through the ranks, he took on leadership roles including operational planning for the Iraqi Parliamentary Elections and scaling back US forces in Iraq — today, he's a vice president in global transaction at Deutsche Bank, where he's been for nearly four years.



Jordan Thayer said counseling fellow troops on spending helped him get ready for a career as a financial advisor

Jordan Thayer spent more than five years as a US Marine, serving in places including Afghanistan — and, counseling his comrades on how to not blow all their cash, he said. That helped translate into his career after the military. Thayer today is a financial advisor at Morgan Stanley, which has veterans programs for MBA candidates and undergrads alike. Here's what he recently said, at Morgan Stanley's website, about making the transition and how serving his country helped him:

“In Afghanistan, I set benchmarks for my Marines to excel at fitness and marksmanship tests. At Morgan Stanley, I set the same kind of benchmarks for myself, making sure I’m always staying in touch with clients and reaching out to the community,” Thayer said. “It’s a matter of prioritizing and controlling what I can control.”

 



Today Ray Odierno is JPMorgan's senior advisor, providing advice to CEO Jamie Dimon

Retired four-star General Ray Odierno joined JPMorgan earlier this year in an advisory role to bank CEO Jamie Dimon. In his 39 years of military service, he racked up more accomplishments and awards than this space can cover (but, check 'em out here). He has also spoken out on leadership in bank culture, and had this to say last week:

"A military leader needs to be cognizant of more than just strategy; a leader in the financial world has to focus on more than just economics. The political atmosphere, diplomatic relations, security, and public policy all come into play for any given market, and each can significantly affect the others. An effective leader is able to discern how each factor interacts and discern risk and appropriate ways to mitigate risk."



Former Air Force Captain Andrew Sendall joined Citigroup later in his career

Andrew Sendall spent five years in the US Air Force in the late 1980s and early 90s as a captain before he headed to the financial services sector. After working at UBS and at Barclays, he landed at Citigroup, where he has been director of risk management and business continuity for the last four years. 



Timothy Roepke graduated from West Point before moving his way up the ladder

Timothy Roepke attended the United States Military Academy at West Point before joining the US Army and serving a five-year stint as an officer. At the same time he was serving his country, he also would go on to earn his MBA from The College of William and Mary. He went on to work at General Electric after leaving the military in 2006, and then at Barclays, before landing at Credit Suisse. Today, he's got five years under his belt with Credit Suisse and is vice president and a director in its technology, media and telecom banking business. 



Today, Ross Brown is director of military and veterans affairs for JPMorgan Chase

Ross Brown served in the US Army for 27 years after graduating from West Point. Some of his assignments include working as a commander in Iraq and in Honduras, as well as his service on the Army and Joint Staffs under the Secretary of Defense. After leaving his role in the US Army, Brown spent time working at the Pentagon before joining JPMorgan as director of military and veterans affairs. 



West Point graduate Nick Padgalskas spent the better part of a decade with Citigroup after leaving the military

Nick Padgalskas earned his undergraduate degree at West Point before joining the US Army and serving for five years, leaving with the rank of captain. After his service to his country, Padgalskas headed to MIT to earn his MBA and an MS degree in engineering, and was also honored as a Siebel Scholar, which recognizes graduate students and supports their tuition. After graduating, it was straight to Wall Street: in 2007, he joined Citigroup. He soon moved from New York to Hong Kong, and moved up the ranks. Today, Padgalskas is a director in energy investment banking in Singapore. 



George J. Dennis went from the Navy to Goldman Sachs

Over more than eight years in the US Navy, George J. Dennis rose to the rank of lieutenant and landed hundreds of jets on naval air carriers. After leaving the military in 1998, he would join Goldman Sachs, where he works today. Dennis is managing director for a group that manages families' and institutions' capital with Goldman in California. 



After leaving the military, Gary Giglio joined Goldman Sachs

Before joining Goldman Sachs, Gary Giglio served in the US Army. Giglio joined Goldman in 1994, moving to New York in 2004, the same year he was named partner. Now, he's partner and regional head of private wealth management in New York. Here's what he told Business Insider:

“My military experience taught me the value of teamwork and integrity. In both the Army and at Goldman Sachs, teamwork is essential and rigorous honesty is required to build trust. In the Army, rapid fire decision making was critical in a highly fluid environment. Similarly, in business, making fast and accurate decisions is a differentiator.”



Patrick Perdue first spent a decade on Navy subs, then another in banking

Patrick Perdue earned his engineering degree at the US Naval Academy in Annapolis before joining the Navy, and, according to his LinkedIn profile, spent a decade working on submarines before he attended NYU's Stern School of Business. From there, he joined JPMorgan in 2005 for three years and today works with boutique bank Academy Securities.



Joe Femenia learned skills for Wall Street — first, as a Navy SEAL

Joe Femenia joined Goldman Sachs as a summer associate in 2006 and returned full-time in 2007. He was named managing director in 2013. But before that, Femenia served his country as a US Navy SEAL. Alongside Todd Haskins, Femenia is co-head of the Goldman Sachs Veterans Network and was involved in Goldman's launch of a veterans' internship program.

Here's what he told BI: "The SEALs teach people how to think, make decisions and react quickly in stressful environments and BUD/S training forces you to be resilient. These are very valuable skills on Wall Street and in corporate America regardless of what a Veteran knows about business when they transition from active duty."



KKR's Scott Cullerton was special warfare detachment commander for the US Navy

Scott Cullerton is a director in private equity firm KKR's capital solutions group, focusing on debt origination for the firm's credit platform. He worked his way up the Wall Street ranks with jobs at Morgan Stanley and Merrill Lynch. Before that, he served in the US Navy, where he was special warfare detachment commander. Here's what he had to say to BI:

“The common thread between my experience in the Navy and my time at KKR has been consistently being part of a lean, dynamic team where everyone had to pull their own weight.”






If you shopped at these 16 stores in the last year, your data might have been stolen


  • Data breaches are on the rise. Since January 2017, at least 16 retailers were hacked and likely had information stolen from them.
  • A report from cybersecurity firm Shape Security showed that almost 90% of the login attempts made on online retailers' websites are hackers using stolen data.
  • Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.

At least 16 separate security breaches occurred at retailers from January 2017 until now. Many of them were caused by flaws in payment systems, either online or in stores.

Data breaches are on the rise for both retailers and other businesses.

A recent report published by cybersecurity firm Shape Security showed that 80% to 90% of the people that log in to a retailer's e-commerce site are hackers using stolen data. This is the highest percentage of any sector. 

These data breaches are a real danger for both companies and customers and can affect the trust shoppers have in brands. 

According to a study by KPMG, 19% of consumers would completely stop shopping at a retailer after a breach, and 33% would take a break from shopping there for an extended period.

Here are 16 retailers that have been affected by data breaches since January 2017:


Cheddar's Scratch Kitchen

Darden Restaurants announced on Wednesday it was notified by government officials on August 16 that it had been the victim of a cyberattack.

Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. Darden estimates that 567,000 payment card numbers could have been compromised.

Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.



Macy's

Macy's confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26 and June 12 could have had their personal information and credit card details exposed to a third party.

Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people. 

Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."



Adidas

Adidas announced in June that an "unauthorized party" said it had gained access to customer data on Adidas' US website. Currently, the company believes only customers who shopped on and purchased items from the US version of Adidas.com may have been affected by the breach.

The data that is potentially at risk includes customer contact information, like email addresses and physical addresses, as well as login information, like usernames and passwords. The passwords were stored encrypted, however, and would need to be decrypted before they could be used.

Adidas did not say exactly how many customers could have been affected by the breach, but an Adidas spokeswoman confirmed it is likely "a few million."



Sears

Sears alerted customers on April 4 of a "security incident" with an online support partner [24]7.ai that may have resulted in up to 100,000 people having their credit-card information stolen.

The incident affected shoppers who bought items online from September 27, 2017 to October 12, 2017.



Kmart

Kmart, which is owned by Sears Holdings, was also affected by the breach, the company reported on April 4.

Kmart had been affected by a separate breach last June. 



Delta

Delta used the same online support service as Sears and was also affected by the reported breach.

The airline said customer payment information may have been vulnerable but did not estimate how many of its customers were affected.



Best Buy

Best Buy was also affected by the breach of [24]7.ai, it told customers on April 5.

The retailer said only "a small fraction of our overall online customer population" was affected in the breach, which might have jeopardized payment information.



Saks Fifth Avenue

Hudson's Bay, the parent company of Saks Fifth Ave, confirmed in April that a data breach compromised payment systems and therefore customers' credit and debit cards.

Estimates of the number of affected customers have not yet been released, but it could be in the millions. Online customers were not affected.



Lord & Taylor

Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach.



Under Armour's MyFitnessPal app

While Under Armour's store systems or online store weren't affected, the retailer confirmed in March that data from its MyFitnessPal app was accessed by an "unauthorized party."

Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. More than 150 million people's information was likely compromised.



Panera Bread

Panera Bread confirmed on April 2 that it was notified of a data leak on its website. 

At the time, it said personal information, including names, addresses, and partial credit card numbers may have leaked, though the company says the investigation is ongoing.



Forever 21

Forever 21 alerted its customers in November that some of their information may have been stolen.

A flaw in the store's cashier terminals may have inadvertently exposed data like credit card numbers, expiration dates, and internal verification codes to hackers. Customers who shopped in stores from March through October 2017 are vulnerable.



Sonic

Sonic told Business Insider in September 2017 that it detected "unusual security regarding credit cards being used at Sonic."

Credit cards from 5 million customers may have been stolen, as most of the chain's more than 3,600 locations use the same payment system.



Whole Foods

Whole Foods announced last August that it "recently received information regarding unauthorized access of payment card information."

The breach involved a flaw in the point-of-sale system used by the chain's taprooms and table-service restaurants; the system the grocery stores themselves use was not affected.



Gamestop

Gamestop confirmed a data breach in April 2017. Customers who shopped online for a six-month period were vulnerable, from August 10, 2016 to February 9, 2017.

Names, addresses, and credit card information were all taken in a breach of the website's payments processor.



Arby's

Arby's confirmed in February 2017 a data breach affected 355,000 credit and debit cards used at its stores.

Malware in the chain's cashier systems between October 25, 2016 and January 19, 2017 allowed the unauthorized access. 



If you bought anything from these 19 companies recently, your data may have been stolen


  • Data breaches are becoming common for all kinds of businesses, including retailers.
  • Since the start of 2018, at least 19 retailers and consumer companies were hacked and likely had information stolen from them.
  • Many of these breaches were caused by flaws in payment systems that were taken advantage of by hackers.
  • Retailers who suffer data breaches risk losing their customers' trust. 

Data breaches are on the rise for all kinds of businesses, including retailers. 

At least 19 consumer companies reported data breaches since January 2018. Many of them were caused by flaws in payment systems either online or in stores.

A report published by cybersecurity firm Shape Security showed that 80-90% of the people who log in to a retailer's e-commerce site are hackers using stolen data. This is the highest percentage of any sector examined in the report.

These data breaches are a real danger for both companies and customers, as they can damage the trust shoppers have in brands. 

According to a study by KPMG, 19% of consumers said they would completely stop shopping at a retailer after a breach, and 33% said they would take a break from shopping there for an extended period.

But one expert from a virtual private network service provider said that he's worried about the ultimate fallout from all these breaches.

"Due to frequent cyber-attacks and data leaks, people are becoming less attuned to privacy risks," Daniel Markuson, a digital privacy expert from NordVPN, said in a statement. "This may lead to a careless attitude towards their own personal safety, and that would mean more severe damage for all internet users."

Here are the consumer and retail companies that have suffered a data breach since January 2018: 


Hy-Vee

On August 14, grocery chain Hy-Vee announced that it had launched an investigation into unauthorized transactions made at some of its fuel pumps, drive-thru coffee shops, and restaurants.

In a statement online, the company said that it didn't believe that other payments made in its grocery stores, drugstores, or convenience stores had been impacted. 



Poshmark

On August 1, Poshmark released a statement on its website saying that "data from some Poshmark users was acquired by an unauthorized third party." The company said that the stolen data "does not include any financial or physical address information" and that it shouldn't have compromised any passwords.

The online clothing marketplace was hacked despite using "one of the stronger algorithms" to "scramble passwords," TechCrunch reported.



Checkers and Rally's

On May 29, the parent company of fast-food chains Checkers and Rally's informed customers it had found malware at more than 100 restaurants.

The program was installed in the point-of-sale machines and was designed to take credit-card information, but not personal information, the company said. 



Buca di Beppo

Buca di Beppo's parent company, Earl Enterprises, was hit with a major data breach that potentially lasted from May 23, 2018 to March 18, 2019.

The breach may have exposed customers' names and credit- and debit-card numbers, as well as their expiration dates.



Planet Hollywood

Some Planet Hollywood restaurants were also impacted by the breach that hit parent company Earl Enterprises. 



Earl of Sandwich

Locations of Earl of Sandwich were also affected by the Earl Enterprises breach. 



Chicken Guy!

Guy Fieri's chicken chain was affected by the same breach. 



Mixology 101

This Los Angeles restaurant was also named in the Earl Enterprises breach. 



Tequila Taqueria

This Las Vegas restaurant was named as possibly being impacted by the Earl Enterprises breach. 



Marriott hotels

Marriott disclosed a massive breach of data from 500 million customers in late November.

Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, likely had their data exposed.

Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information.

Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it.

"Marriott reported this incident to law enforcement and continues to support their investigation," the company said at the time. "The company has already begun notifying regulatory authorities."

Arne Sorenson, Marriott's president and CEO, said: "We deeply regret this incident happened."



Kay Jewelers

Signet Jewelers, parent company of Kay Jewelers, had a vulnerability in its website that exposed customers' information after they had purchased jewelry online.

By changing the link customers received confirming online orders, anyone could access information including customers' names, the order's billing address, shipping address, phone number, and email address, plus the number of items and total dollar amount for the order, the delivery date, and a tracking link.

Only the last four digits of a customer's credit-card number were on the page, however.

The issue was fixed in November for orders going forward. It was fixed for past orders in December, according to Krebs on Security. 
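The flaw described above is an order page that trusts whatever order number appears in the link. As an added example (not Signet's code, whose implementation the article does not describe), the sketch below contrasts that lookup with one that also requires a per-order HMAC token; the URL layout, field names and sample orders are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed sample orders; every value here is made up for the example.
ORDERS = {
    "1001": {"email": "alice@example.com", "ship_to": "1 Elm St", "total": "249.00"},
    "1002": {"email": "bob@example.com", "ship_to": "9 Oak Ave", "total": "1310.50"},
}

# Server-side signing secret (assumption: never placed in URLs or logs).
LINK_KEY = secrets.token_bytes(32)


def lookup_order_weak(url):
    """Weak pattern: the order number in the link is the only credential."""
    order_id = parse_qs(urlparse(url).query).get("id", [""])[0]
    return ORDERS.get(order_id)


def link_token(order_id, email):
    """HMAC-SHA256 over the order number and the buyer's e-mail address."""
    msg = f"{order_id}|{email.lower()}".encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def confirmation_link(order_id):
    """Build the link that goes into the confirmation e-mail (hypothetical path)."""
    order = ORDERS[order_id]
    return f"/order/confirm?id={order_id}&t={link_token(order_id, order['email'])}"


def lookup_order_hardened(url):
    """Return the order only when the link carries the token issued for it."""
    query = parse_qs(urlparse(url).query)
    order_id = query.get("id", [""])[0]
    token = query.get("t", [""])[0]
    order = ORDERS.get(order_id)
    # Compute an expected token even for unknown orders so both paths do
    # the same work, then compare in constant time.
    expected = link_token(order_id, order["email"] if order else "")
    if order is None or not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    return order
```

A signed link still works for anyone who obtains the e-mail itself, so pages showing payment details are usually also placed behind a login or given an expiry.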



Jared The Galleria of Jewelry

Signet Jewelers also owns Jared The Galleria of Jewelry, which had the same vulnerability as Kay.



Cheddar's Scratch Kitchen

Darden Restaurants announced in August that it had been notified by government officials that it was the victim of a cyberattack.

Customers who visited Darden-owned Cheddar's Scratch Kitchen between November 3, 2017 and January 2, 2018 may have had their credit-card information stolen. Darden estimates that 567,000 card numbers could have been compromised.

Customers affected would have visited a Cheddar's location in any one of these states: Alabama, Arizona, Arkansas, Delaware, Florida, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, Michigan, Missouri, Nebraska, New Mexico, North Carolina, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, and Wisconsin.



Macy's

Macy's confirmed that some customers shopping online at Macys.com and Bloomingdales.com between April 26, 2018 and June 12, 2018 could have had their personal information and credit-card details exposed to a third party.

Macy's did not confirm exactly how many people were impacted. However, a spokesperson for the company said the breach was limited to a small group of people. 

Macy's said in a statement: "We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures. Macy's, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services."



Adidas

Adidas announced in June 2018 that an "unauthorized party" had gained access to customer data on Adidas' US website. At the time, the company said it believed only customers who shopped on and purchased items from the US version of Adidas.com could have been affected by the breach.

The data that is potentially at risk includes customer contact information like email addresses and physical addresses, as well as login information like usernames and passwords. The passwords were stored encrypted, however, and would need to be decrypted before they could be used.

Adidas did not say exactly how many customers could have been affected by the breach, but an Adidas spokeswoman confirmed it was likely "a few million."



Saks Fifth Avenue

Hudson's Bay, the parent company of Saks Fifth Ave, confirmed in April 2018 that a data breach compromised payment systems and therefore customers' credit and debit cards.

Estimates of the number of affected customers were not released, but it could be in the millions. Online customers were not affected.



Lord & Taylor

Hudson's Bay also owns Lord & Taylor, and those stores were also affected by the breach.



Under Armour's MyFitnessPal app

While Under Armour's store systems and online store weren't affected, the retailer confirmed in March 2018 that data from its MyFitnessPal app was accessed by an "unauthorized party."

Payment information was not released, but Under Armour says user names, emails, and encrypted passwords were affected. More than 150 million people's information was likely compromised.



Panera Bread

Panera Bread confirmed on April 2, 2018 that it was notified of a data leak on its website. 

At the time, it said personal information, including names, addresses, and partial credit card numbers may have leaked, though the company says the investigation is ongoing.



The nasty spyware likely used to hack Jeff Bezos lets governments secretly access everything in your smartphone, from text messages to the microphone and cameras — here's how it works


  • Amazon CEO Jeff Bezos had his phone hacked in May 2018, and the primary suspect is Saudi Crown Prince Mohammed bin Salman.
  • A UN report published Wednesday said a forensic analysis concluded that Bezos' iPhone was likely hacked using a notorious tool named Pegasus created by the NSO Group, a secretive firm from Israel that bills itself as a leader in cyberwarfare. Saudi officials have been repeatedly connected to Pegasus hacks, according to the report.
  • Pegasus enables hackers to remotely access everything in an infected smartphone, from text messages to location data — and it's next to impossible to know without a professional analysis whether your phone was infected.
  • In the case of Bezos, the analysis found that hackers had access to his phone for months, according to the UN report.

Amazon CEO Jeff Bezos had his phone hacked for months and gigabytes of his private data stolen, according to a forensic analysis cited in a UN report published on Wednesday.

The primary suspect in the hacking: Saudi Crown Prince Mohammed bin Salman, with whom he had been exchanging WhatsApp messages.

The how of the hack, according to the report, is maybe the wildest detail: A 2019 forensic analysis of Bezos' iPhone "assessed with 'medium to high confidence' that his phone was infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman, the Crown Prince of the Kingdom of Saudi Arabia."

The analysis found that Bezos' phone was likely hacked using a notorious tool named Pegasus created by the NSO Group, a secretive firm from Israel that bills itself as a leader in cyberwarfare.

So how does Pegasus work? And how did it get inside the phone of the richest man in the world?


What is Pegasus?

What Pegasus does is relatively simple: The tool provides full access to an infected smartphone, remotely and discreetly.

That includes text messages, as well as your smartphone's camera and microphone. The spyware was created by an Israeli company, the NSO Group, and it's nothing new.

Pegasus was discovered in 2016 when a man in the United Arab Emirates named Ahmed Mansoor was targeted with "suspicious text messages," John Scott-Railton, a senior researcher at The Citizen Lab at the University of Toronto's Munk School, told Business Insider in an interview last May.

The Citizen Lab is an academic research group credited with being the first to identify Pegasus.

"Those text messages actually came bearing some suspicious links," he said. "We thought they looked pretty dicey, so my colleague Bill [Marczak] borrowed a colleague's iPhone, clicked on the links, and was able to successfully get the phone infected with what was then a mystery piece of spyware."

That "mystery" spyware was Pegasus, and Mansoor was being targeted — most likely because of his work as a human-rights advocate. Mansoor is serving a 10-year prison sentence in the UAE for publicly criticizing the government.



Here's a photo of the smartphone-hacking hardware that NSO Group sells.

Business Insider's Becky Peterson snapped a photo of the hacking hardware sold by NSO Group at a security conference in Paris.



How was Bezos' phone hacked?

The UN report said the analysis of Bezos' iPhone found that Bezos and Crown Prince Mohammed "exchanged phone/WhatsApp numbers the month before the alleged hack."

It's through this connection, the analysis found, that the hack was performed.

The analysis "assessed with 'medium to high confidence' that his phone was infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilized personally by Mohammed bin Salman," the report said.

In short: The analysis contends that Crown Prince Mohammed sent Bezos a video file that, regardless of whether he clicked on the file, enabled Pegasus to infiltrate Bezos' iPhone.

The report said the analysis found that "within hours of receipt of the MP4 video file from the Crown Prince's account, massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began."

The content of the video wasn't made clear in the report, but The New York Times described it as having "an image of Saudi and Swedish flags overlaid with Arabic text."



How do you know whether your phone is infected with spyware like Pegasus? If the hackers are doing their job right, it's extremely difficult to find out.

If your phone is infected with spyware like Pegasus, it's extremely difficult to know — even if you're Jeff Bezos.

The phone probably won't start suddenly overheating or ripping through battery life. If that were the case, "then the people who did it have not done their jobs right," Scott-Railton said.

In fact, if you're not a cybersecurity researcher, it's nearly impossible to know.

"It's quite tricky, because the software is, of course, designed to be hard to find," Scott-Railton said. "What we did in the first instance was we actually captured the network traffic going into the phone after the [link] was clicked, and that gave us the infection."

Unless you're monitoring the network traffic going into your smartphone and are savvy enough to know what type of network traffic could demonstrate malicious behavior, it's unlikely that you'd catch spyware like Pegasus running on your device.

That's exactly how investigators identified that Bezos' phone was hacked.

The forensic analysis found that "massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began, increasing data egress suddenly by 29,156 per cent to 126 MB," the UN report said. "Data spiking then continued undetected over some months and at rates as much as 106,032,045 per cent (4.6 GB) higher than the pre-video data egress baseline for Mr. Bezos' phone of 430KB."
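The egress comparison quoted above amounts to measuring each day's outbound volume against a per-device baseline. The following is an added example, not the investigators' tooling: it flags days that exceed a rolling median baseline by a set percentage, and the decimal units, window, threshold and sample traffic are all assumptions.

```python
from statistics import median

KB = 1000          # decimal units are an assumption; the report does not say
MB = 1000 * KB


def percent_increase(baseline, observed):
    """Increase of observed over baseline, in percent."""
    return (observed - baseline) / baseline * 100.0


def detect_egress_spikes(daily_bytes, window=7, min_history=5, threshold_pct=1000.0):
    """Flag days whose outbound volume exceeds the rolling median baseline.

    Returns (day_index, observed_bytes, baseline_bytes, percent_increase) tuples.
    Flagged days are kept out of the baseline, so months of sustained
    exfiltration cannot quietly become the new normal.
    """
    history, alerts = [], []
    for day, observed in enumerate(daily_bytes):
        if len(history) >= min_history:
            baseline = max(median(history[-window:]), 1)  # avoid divide-by-zero
            pct = percent_increase(baseline, observed)
            if pct >= threshold_pct:
                alerts.append((day, observed, baseline, round(pct)))
                continue  # do not learn from an anomalous day
        history.append(observed)
    return alerts


# Constructed daily egress totals for one device (not data from the report):
# a week near the 430 KB baseline, three heavy days, then a normal day.
SAMPLE_EGRESS = [
    410 * KB, 455 * KB, 430 * KB, 398 * KB, 441 * KB, 430 * KB, 447 * KB,
    126 * MB, 90 * MB, 300 * MB,
    450 * KB,
]

if __name__ == "__main__":
    for day, observed, baseline, pct in detect_egress_spikes(SAMPLE_EGRESS):
        print(f"day {day}: {observed / MB:.1f} MB "
              f"vs baseline {baseline / KB:.0f} KB (+{pct:,}%)")
```

The median is used rather than the mean so that a single large but legitimate transfer in the history window does not inflate the baseline.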



Who makes Pegasus? And how is it used?

Pegasus is intended as a cyberweapon for use by international governments.

An Israeli company named NSO Group operates it, and the Israeli Ministry of Defense is said to regulate sales of the software outside Israel.

"We are selling Pegasus in order to prevent crime and terror," NSO Group CEO Shalev Hulio told "60 Minutes" in an interview last year.

Hulio added: "Intelligence agencies came to us and say, 'We do have a problem. With the new smartphones, we can't get valuable intelligence.'"

An unnamed European security official confirmed to "60 Minutes" that NSO Group software had been used to thwart terrorist attacks in Europe.

"It wouldn't surprise me to know that some of NSO's claims about being used to go after criminals are correct," Scott-Railton told Business Insider last May. "The issue is that the fact that it's used lawfully doesn't falsify all these abuse cases."



What are some alleged Pegasus "abuse cases"?

Pegasus has been linked to the death of the Saudi journalist Jamal Khashoggi, and it was reportedly used to track a student in Canada who was critical of the Saudi government.

"His name is Omar Abdulaziz," Scott-Railton said. "He's a Saudi critic going to college in Montreal. We found that his infected phone was bouncing back and forth between his home network and his university gym over last summer."

A similar story played out in Mexico in 2017, according to Scott-Railton:

"We had this crazy case that I found in Mexico back in 2017 where three people — a nutrition activist, a public-health researcher, and a consumer advocate — were all targeted with Pegasus in Mexico.

"The only thing that holds them in common is that they were all advocating to slightly increase the tax on soda beverages. So the most reasonable implication is that somebody from a private interest directed somebody from the government in order to target these people because they were pushing against the soda lobby in Mexico. State-grade malware — it'd be like targeting somebody with Stuxnet because they had suggested there be a $0.10 bottling fee on Coca-Cola."

In the case of Bezos, the UN report linked his ownership of The Washington Post to being targeted by the Saudi crown prince: "This was part of a massive, clandestine online campaign against Mr. Bezos and Amazon, apparently targeting him principally as the owner of The Washington Post."

For its part, NSO Group has flatly denied that Pegasus software was used to hack Bezos. "We can say unequivocally that our technology was not used in this instance," a statement on its website said.



Dozens of Facebook pages linked to Russian and Iranian propaganda efforts were shuttered in the company's latest effort to combat misinformation (FB)


Russian propaganda on Facebook, February 2020

  • Facebook removed dozens of accounts and Pages originating in Russia and Iran, the social media giant announced on Wednesday morning. 
  • The accounts and Pages were engaged in "coordinated inauthentic behavior on behalf of a government or foreign actor," Facebook head of security policy Nathaniel Gleicher wrote in a blog post.
  • In the case of the Russian accounts and Pages that were banned, Facebook found digital footprints tracing back to Russian military intelligence services. 

Facebook has removed dozens of accounts it said were engaging in "coordinated inauthentic behavior on behalf of a government or foreign actor," the company revealed on Wednesday morning.

Those accounts primarily originated in Russia, Facebook head of security policy Nathaniel Gleicher said, where the focus was on propaganda efforts in Ukraine.

"The Page admins and account owners typically posted content in Russian, English and Ukrainian about local and political news including public figures in Ukraine, Russian military engagement in Syria, alleged SBU leaks related to ethnic tensions in Crimea and the downing of the Malaysian airliner in Ukraine in 2014," he said.

Moreover, Gleicher said Facebook traced back the activity to Russian military intelligence services.

Facebook propaganda from Iran, February 2020

Beyond the pages linked to Russia, 11 Facebook and Instagram accounts originating in Iran were shuttered. Unlike the Russian accounts, the ones tied to Iran were intended to sway American Facebook users.

"They shared posts about political news and geopolitics including topics like the US elections, Christianity, US-Iran relations, US immigration policy, criticism of US policies in the Middle East and public figures as well as video interviews with academics, public figures and columnists on issues related to Iran and US elections," Gleicher said.

Facebook has spent years trying to improve its image after failing to adequately police its massive social networks.

During the 2016 US election, the Russian government used Facebook and other social media services to influence the election in President Donald Trump's favor. In the years since, both the Trump campaign and Facebook have downplayed the role that Facebook played in the 2016 election.

Some, including one former Facebook exec, have argued that another aspect of Facebook had a much larger impact on the 2016 elections: advertising.

"Was Facebook responsible for Donald Trump getting elected?" Facebook VP Andrew "Boz" Bosworth wrote in early January. "I think the answer is yes, but not for the reasons anyone thinks."

Though Russia attempted to influence the election in favor of Trump through various means on Facebook — advertising and fake accounts, among other methods — Bosworth said those attempts weren't particularly effective.

Instead, Bosworth said, "He got elected because he ran the single best digital ad campaign I've ever seen from any advertiser. Period."

The Trump campaign "did unbelievable work," he said. "They weren't running misinformation or hoaxes. They weren't micro targeting or saying different things to different people," Bosworth wrote. "They just used the tools we had to show the right creative to each person. The use of custom audiences, video, ecommerce, and fresh creative remains the high water mark of digital ad campaigns in my opinion."

President Donald Trump and Facebook CEO Mark Zuckerberg

Facebook has also come under fire for not fact-checking ads run by politicians, even when those politicians run ads that contain falsehoods.

It's become a major point of contention between Facebook's critics and CEO Mark Zuckerberg, who has repeatedly argued in favor of the policy. 

"We don't fact-check political ads," Zuckerberg said in a wide-ranging speech at Georgetown University in October 2019. "We don't do this to help politicians, but because we think people should be able to see for themselves what politicians are saying. And if content is newsworthy, we also won't take it down even if it would otherwise conflict with many of our standards."
